Linux special permission set_uid

Keywords: Anaconda Linux ssh

Special permission set_uid

By default, on a freshly installed Linux system, only one command has the set_uid special permission.

Commands (files) with the s permission: the s permission ensures that users who are not the owner temporarily take on the owner's identity while running the command. Setting set_uid on a file presupposes that the file is an executable binary (the special permission is normally given to commands); otherwise it is meaningless. For example, setting set_uid on a directory has no practical significance.

1. Add set_uid special privileges to the command

Format: chmod u+s command file path
Add: chmod u+s /usr/bin/ls
Remove: chmod u-s /usr/bin/ls

The /root/ directory is accessible only to the root user and to users in the root group; no other users have any permissions on it.
[root@allinlinux-01 ~]# ls -ld /root/
dr-xr-x---. 3 root root 178 Jun  8 14:16 /root/
If an ordinary user tries to view the contents of the /root/ directory, an insufficient-permission error is reported.
[allin1@allinlinux-01 ~]$ ls -l /root/
ls: unable to open directory /root/: insufficient permissions
After adding the set_uid special permission to the ls command, verify that an ordinary user temporarily gains the permission, which only root has, to view the /root/ directory.
[root@allinlinux-01 ~]# which ls
alias ls='ls --color=auto'
	/usr/bin/ls
[root@allinlinux-01 ~]# ls -l /usr/bin/ls
-rwxr-xr-x. 1 root root 117656 Nov  6  2016 /usr/bin/ls
[root@allinlinux-01 ~]# chmod u+s /usr/bin/ls
[root@allinlinux-01 ~]# !ls
ls -l /usr/bin/ls
-rwsr-xr-x. 1 root root 117656 Nov  6  2016 /usr/bin/ls
[root@allinlinux-01 ~]#

Switch to the ordinary user allin1 and run the ls command again to check whether the ordinary user now has the root user's privileges. The /root/ directory can now be listed.
[root@allinlinux-02 ~]# ssh -p 22 root@192.168.245.130
Last login: Fri Jun  9 08:54:21 2017 from 192.168.245.132
[root@allinlinux-01 ~]# whoami
root
[root@allinlinux-01 ~]# su - allin1
Last login: Fri Jun  9 08:54:30 CST 2017 on pts/3
[allin1@allinlinux-01 ~]$ whoami
allin1
[allin1@allinlinux-01 ~]$ ls -l /root/
total 8
-rwx-x-x. 1 root Jun  8 14:16 2.txt
-rw-------. 1 root root 7728 Jun  6 22:11 anaconda-ks.cfg.1
[allin1@allinlinux-01 ~]$

2. The second way to add set_uid special permissions to commands

Format: chmod u=rws command file path
Example: chmod u=rws /usr/bin/ls

The permission string of the ls command after this change differs from the one produced by the first method, but the effect is the same.

[root@allinlinux-01 ~]# chmod u-s /usr/bin/ls
[root@allinlinux-01 ~]# ls -l /usr/bin/ls
-rwxr-xr-x. 1 root root 117656 Nov  6  2016 /usr/bin/ls
[root@allinlinux-01 ~]# chmod u=rws /usr/bin/ls
[root@allinlinux-01 ~]# ls -l /usr/bin/ls
-rwSr-xr-x. 1 root root 117656 Nov  6  2016 /usr/bin/ls
[root@allinlinux-01 ~]#

After adding the set_uid special permission this way, the owner permission of the ls command becomes rwS, with a capital S. After adding it the first way, the owner permission is rws, with a lowercase s. The difference between the two ways is that the second way leaves the owner without the x permission. If you want the lowercase s, you can add the x permission back. Either way, this does not affect the ls command temporarily having root user privileges.

[allin1@allinlinux-01 ~]$ ls -l /usr/bin/ls
-rwSr-xr-x. 1 root root 117656 Nov  6  2016 /usr/bin/ls
[allin1@allinlinux-01 ~]$ ls -l /bin/ls
-rwSr-xr-x. 1 root root 117656 Nov  6  2016 /bin/ls
[allin1@allinlinux-01 ~]$ ls -l /root/
total 8
-rwx-x-x. 1 root Jun  8 14:16 2.txt
-rw-------. 1 root root 7728 Jun  6 22:11 anaconda-ks.cfg.1
[allin1@allinlinux-01 ~]$

Add the x permission:
[root@allinlinux-01 ~]# chmod u+x /usr/bin/ls
[root@allinlinux-01 ~]# ls -l /usr/bin/ls
-rwsr-xr-x. 1 root root 117656 Nov  6  2016 /usr/bin/ls
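
The following script is an added example, not part of the original post. It reproduces the rws / rwS difference from both methods on a scratch file instead of /usr/bin/ls, and adds a small audit function that lists every set_uid file under a directory. The names mode_of, audit_setuid and demo-ls are hypothetical, and GNU (or BusyBox) stat and find are assumed.

```shell
#!/bin/sh
# Added example: names and paths below are constructed for illustration.

# Print the symbolic mode string of a file, e.g. -rwsr-xr-x
mode_of() {
    stat -c '%A' "$1"
}

# List every regular file under $1 that carries the set_uid bit (octal 4000)
# as "<octal> <symbolic> <path>". -perm -4000 matches both the s and S forms.
audit_setuid() {
    find "$1" -xdev -type f -perm -4000 -exec stat -c '%a %A %n' {} + 2>/dev/null
}

# Scratch file so the real /usr/bin/ls is never modified.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
demo_bin="$demo_dir/demo-ls"
: > "$demo_bin"
chmod 755 "$demo_bin"            # same starting mode as ls: -rwxr-xr-x

chmod u+s "$demo_bin"            # first method: adds s, owner x is kept
mode_plus=$(mode_of "$demo_bin")

chmod u-s "$demo_bin"            # remove the bit again
chmod u=rws "$demo_bin"          # second method: owner becomes rw + s, x is dropped
mode_equals=$(mode_of "$demo_bin")

chmod u+x "$demo_bin"            # add x back: capital S turns into lowercase s
mode_fixed=$(mode_of "$demo_bin")

printf '%s\n' "u+s   -> $mode_plus" "u=rws -> $mode_equals" "u+x   -> $mode_fixed"

# The audit finds the file regardless of which method set the bit.
audit_setuid "$demo_dir"
```

Running audit_setuid against /usr/bin on the test machine would list ls until the bit is removed again with chmod u-s /usr/bin/ls.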


Posted by dkjohnson on Sun, 23 Jun 2019 16:25:05 -0700